Why Aren’t Chip Cards Stopping Fraud?
One of the selling points of our new chip-based credit cards was that they were going to reduce credit card fraud. However, a recent report released by the Gemini Advisory (a security analysis firm made up of Dark Web intelligence experts) found that credit card theft has actually been on the rise in the last 12 months.
That’s shocking, considering that we have been using chip-based credit cards here in the U.S. for three years now. So, why aren’t these new chip cards working the way they were supposed to, and what can we do to protect ourselves when these technological safeguards don’t do it for us?
While the information from chip-based credit cards is still being stolen in surprising numbers, the fault doesn’t seem to lie with the technology itself. Instead, merchants appear to be at-fault.
New(ish) EMV chips enable you to insert your card into a cashier’s point-of-sale (POS) terminal rather than swiping its magnetic strip. The chip will then create a unique code for every transaction that is initiated, switching up the information each time you insert your card at the register. This means that any stolen chip-card information would be changed before a thief even had a chance to use it.
By contrast, magnetic strips carry all of the cardholder’s necessary account information in a static format. The transaction info your card provided at the grocery store last week, the gas station yesterday, and the movie theater today is all identical, if you swiped rather than inserted a chip. This makes magnetic strips less secure, as any information stolen could be replicated and used repeatedly (until the fraud was detected).
So, if chip-based credit cards have been in circulation for three years now, and they are infinitely more secure than magnetic strips, why is credit card fraud on the rise? Well, it seems that many merchants still aren’t using chip readers for transactions, putting everyone’s information at risk.
We have all encountered shops that still request a card swipe at the register. In fact, Visa said that as of February of this year, only 59% of merchants were able to accept chip cards. Other times, we swipe at places like the gas pump, where merchants have until 2020 to switch terminals over to the new chip readers.
No matter where the transaction occurs, swiping allows any stolen information to be used fraudulently.
Of the 60 million credit card numbers that the Gemini Advisory found being sold on the Dark Web this year, 25 percent (17 million) were stolen through online breaches. The remaining 75 percent (45 million), though, were stolen directly from merchants’ point-of-sale terminals. Of those, almost 42 million were chip-based cards.
While a chip card can’t protect your information from online breaches, it can save your card number from being stolen at a merchant’s terminal. But it’s up to you to be vigilant.
Be sure to check terminals for signs of tampering; gas stations, ATMs, and shops can have skimmers placed on their terminals by thieves, which will steal your card information. If the card reader wiggles or looks strange in any way, alert the merchant and don’t use your card there.
When given the choice between swiping a card at the register or using cash, cash is the safer bet. For gasoline purchases, you can also pay inside using a chip reader or even pay at the pump with apps like Chase Pay. Either way, the easiest way to prevent your information from being stolen, sold, and used is to refuse to swipe a card – especially if it’s chip-enabled.
This is especially true for debit cards, which don’t offer the same fraud liability protections as credit cards. If you’re still going to use a card online or swipe one at a terminal, make sure it’s a credit card from a major issuer, who will protect consumers if their information is stolen and used.